Dushyant Kumar's Blog
Introducing the Power of Identity and Access Management (IAM) 🔑

Introducing the Power of Identity and Access Management (IAM) 🔑

Dushyant Kumar's photo
Dushyant Kumar
·

6 min read

Table of contents

🌟Introduction

In the world of cloud computing, Identity and Access Management (IAM) plays a vital role in ensuring data security and managing user access. IAM enables you to define and control user identities, roles, and permissions within your AWS environment. With IAM, you can grant fine-grained access to AWS services, resources, and APIs while maintaining a robust security posture. Mastering IAM empowers you to protect your sensitive data, prevent unauthorized access, and adhere to compliance requirements.

🌟Why is the IAM needed?

Let’s consider an example to understand the IAM role. Consider an organization called CloudTechAI.com, where every employee needs to verify their identity as an employee of the organization by biometrics before entering the premises. This implies that each employee must be authenticated before gaining access to the office.

After entering the office, what will the employees do in the office? In which department they will work? Which computer they will access? This is where authorization comes into the picture.

Subsequently, the organization assigns specific permission to each employee, determining what they can access and accomplish, as well as which department they are authorized to work in. This process is known as authorization.

Similarly to the example mentioned above, AWS Cloud utilizes the IAM role to manage authentication and authorization.

Suppose there is no authentication and authorization process in AWS. In such a scenario, any user could create an account and use any services, they would have root access, granting them the ability to perform virtually any action within the organization’s cloud infrastructure. This could lead to the unintentional or deliberate deletion of critical services related to the application, resulting in significant losses. To mitigate this risk, AWS offers IAM roles.

IAM effectively addresses the challenge of authentication and authorization, providing a solution to ensure the secure management of user access and privileges within the AWS cloud environment.

🌟What is the IAM?

IAM stands for Identity and Access Management. It is a core service of AWS that enables users to manage user identities and control access to AWS resources.

It manages the entire authorization and authentication of the AWS cloud.

🔹What is Authentication?

Authentication is a method of validating the identity of a user. Using authentication you will be only able to view and get into the AWS but you will not be able to access and not be able to create any resources because you don't have the permission.

🔹What is Authorization?

Authorization is the allowed set of permissions given to the user. Using policies, you can authorize the user.

🔹Identities of IAM

🔸 User

Users within AWS represent individual entities including humans, applications, or services that interact with AWS resources. Each user possesses a unique identity and security credentials, such as a username and password, for authentication.

With IAM, administrators can create users, and assign them unique credentials, such as a username and password or access keys, for authentication and also be used to access AWS resources and services. Before assigning any policies or permissions, users initially have root access.

🔸 Policies

Policies are JSON documents that define the permissions and access rules for users, and groups. They allow you (administrators) to specify the actions that are allowed or denied on AWS resources. The JSON file of a policy consists of statements that define one or more permissions and the resources to which those permissions apply. These policies can be pre-defined by AWS and it's known as AWS-managed policies, or you can also create custom policies that you create according to your specific requirements.

IAM policies can be attached to individual users, groups, or roles, and they determine the level of access and permissions granted to those entities. Policies can be created and customized to fulfill specific requirements and address security needs.

Once a user is created, it is necessary to assign them a set of policies that outline the actions they can perform. These policies define the permissions and authorizations for users, groups, or roles, ensuring appropriate access controls and restrictions are in place.

🔸 Groups

Groups are a way to organize users into logical collections. Instead of assigning permission individually to each user, permissions can be granted to a group, and users added to that group inherit those permissions. This simplifies the way of assigning permissions across multiple users with similar access.

In organizations, managing access for individual users can become a hectic task due to the presence of multiple departments and varying access requirements. This is where groups come into play.

Groups provide a solution for organizing users based on their common access needs.

🔸 Roles

Roles are used to grant temporary permissions to AWS services or external identities, without the need for long-term access keys. Roles define a set of permissions that determine what actions can be performed on AWS resources.

Roles in AWS are similar to users, but they are temporary. The credentials, such as usernames and passwords, associated with roles are also temporary.

Let's say you have a web application that needs to interact with an AWS SNS (Simple Notification Service) topic to send out notifications. Rather than embedding access keys in your application's code or configuration files, which can be risky, you can create an IAM role and assign it to your EC2 instances running the web application.

The IAM role would be configured with the necessary permissions to publish messages to the SNS topic. When your EC2 instances assume the role, they obtain temporary security credentials that grant them the permissions specified in the role's policy.

By assigning the IAM role to your EC2 instances, you ensure that only authorized instances can send notifications to the SNS topic. Additionally, you don't need to manage access keys or credentials within your application's code, as the instances automatically receive the necessary permissions through the role.

Similarly, if your application is hosted on a private cloud and needs to access storage in AWS, the application developer can use roles to grant access to AWS storage.

This approach provides a more secure and centralized way to grant permissions to your application components without exposing long-term access keys.

🌟Conclusion

IAM roles are a core component of AWS security and access management. IAM roles provide a secure and flexible approach for organizations to grant access to AWS resources.

Thank you for reading this blog. If you found this blog helpful, please like, share, and follow me for more blog posts like this in the future.

\...................................................................................................................................................

The above information is up to my understanding. Suggestions are always welcome. Thanks for reading this article.

#aws #awsiam #awscloud #DevOps #TrainWithShubham

#90daysofdevopsc #happylearning

Shubham Londhe Sir

Follow for many such contents:

LinkedIn: linkedin.com/in/dushyant-kumar-dk

Blog: dushyantkumark.hashnode.dev

IAMAWSTrainWithShubham#90daysofdevopsAWS Certified Solutions Architect Associate